Chrome, Firefox, Internet Explorer, Opera, and Safari have different security advantages and shortcomings. More important than the browser you choose, however, is how you maintain and use it.
* Don't log on as admin or root when running an Internet browser (or use UAC on Windows Vista, SU on Linux, etc.).
* Make sure the browser, OS, and all add-ons and plug-ins are fully patched.
* Don't be tricked into running malicious code.
* If unexpectedly prompted to install third-party software while browsing a site, open another tab and download the requested software directly from the software vendor's Web site.
* Be careful about which add-ons and plug-ins you use. Many aren't secure, many are very insecure, and some are actually malware in disguise.
As expected, each Web browser had its fair share of security advantages and disadvantages. All of the browsers reviewed here, save Google Chrome, have had years to mature in response to previous malicious attacks. All of the browsers had SSL/TLS (Secure Sockets Layer/Transport Layer Security) support, anti-phishing filters, pop-up ad blocking, cross-site script (XSS) filtering, automated updates, private session browsing, and cookie handling. The following review summaries highlight their differences. Click the links to the full reviews for more detail. See also the table, "Web browser security features," comparing security features among all of the browsers.
Google Chrome 1.0
Chrome has the potential to be one of the most secure Internet browsers, but its initial showing only leaves significant questions. Read the complete review.
Mozilla Firefox 3.12
Mozilla's Firefox deserves the growing market share it has today. It is a battle-tested veteran with best-in-class cipher support, excellent add-on management, and growing enterprise features. Firefox has a fair amount of security granularity and is the only browser besides Internet Explorer to provide multiple security zones, although they are not easy to configure.
Microsoft Internet Explorer 8 beta 2
Internet Explorer is the most frequently attacked browser in the world. Its popularity, complexity, and support of ActiveX controls gives it an elevated risk as compared to the rest of the competition. Still, it also has best-in-class enterprise support, superior security granularity, and multiple security zones in which to deploy Web sites with different trust requirements. It's the only browser with built-in parental controls and a granular add-on manager.
It is also the only browser with serious enterprise management features, providing more than 1,200 customizable settings across multiple security zones. For example, the U.S. government requires what is called FDCC (Federal Desktop Core Configuration) on all of its software, and FIPS (Federal Information Processing Standards) ciphers only. Tens of millions of PCs fall under these requirements. Only IE allows these policies to be enforced across all desktops. It is difficult to achieve with any of the other browsers.
IE 8 is bringing many new features to the table, including per-user and per-site control of ActiveX programs and other add-ons. Its improved base security model is second only to Google's Chrome, and nearly every security feature it has is mature and built for enterprise use. Read the complete review.
Opera is a solid browser that deserves more market share in the PC world. It has impressive security granularity, good anti-DoS handling, strict Extended Validation certificate handling, and many unique features. Its lack of market share means it hasn't been as tested as Internet Explorer and Firefox, but it has been involved in fighting many found vulnerabilities.
On the downside, Opera doesn't support DEP (Data Execution Prevention), ASLR (Address Space Layout Randomization), or ECC (Elliptical Curve Cryptography) ciphers. These deficiencies need to be corrected before its use can be more highly recommended. Even now, I invite readers to check out Opera. I think many people will be pleasantly surprised. Read the complete review.
Apple Safari 3.2.1
Apple's Safari browser has many good features, but lacks security granularity and zones. It has good pop-up blocking, good local password protection, and a surprisingly accurate anti-phishing filter. Unfortunately, DEP is disabled, something that needs to be corrected. Safari has the weakest cipher support, failing to offer AES ciphers, 256-bit keys, or ECC ciphers.
Safari always automatically prompts the user before downloading files, and it prevents some high-risk files from being executed before downloading. Safari has good default cookie control. It is one of only two browsers in this review (the other is Chrome) to prevent all writes by third-party cookies by default, which is a nice privacy bonus. Although local password protection is strong, Safari had the weakest remote password handling of the bunch. Safari is a great-looking browser but a mixed bag with respect to security. Read the complete review.
You may still be better off sticking with Win7 or Win8.1, given the wide range of ongoing Win10...
An unlikely combination of two Windows updates can reduce scan times from hours to minutes
With myriad problems now evident, it may be best to skip the Anniversary Update for now
InfoWorld's top picks in open source business applications, collaboration, and middleware
Apple improved almost everything about the iPhone 7, from the processor to the camera. Then they took...
An extension based on the Language Server Protocol offers developers expanded use of Microsoft's...
This hornet’s nest of rollup patches, .Net offal, and miscellany looks remarkably like the mess we’re...